languages | page_type | products | description | |||
---|---|---|---|---|---|---|
|
sample |
|
This sample repo contains sample code demonstrating common mechanisms for authenticating to an Azure Key Vault. |
Warning
THIS DOCUMENT IS OUTDATED AND HAS BEEN DEPRECATED.
For updated samples on how to authenticate with your Key Vault application, please refer to this document. For a general overview about the Azure Identity library, see here. You can also find samples on how to use most types of credentials for authentication here.
This sample repo contains sample code demonstrating common mechanisms for authenticating to an Azure Key Vault.
-
Create Key Vault
-
Create a Key Vault client using certificate based authentication
-
Create a secret inside the Key Vault
-
Get the secret
- KeyVaultCertificateAuthenticator -- authenticates to an Azure Key Vault through a service principal with a self signed certificate. This takes in a pem file with the certificate and private key. This is the recommended way to authenticate to Key Vault.
- KeyVaultADALAuthenticator -- authenticates to an Azure Key Vault by providing a callback to authenticate using ADAL.
- Java 1.7+
- An Azure Service Principal, through Azure CLI, PowerShell or Azure Portal.
- A self signed certificate, uploaded to your service principal through Azure Portal or Powershell.
-
If not installed, install Java.
-
Clone the repository.
git clone https://github.com/Azure-Samples/key-vault-java-authentication.git
-
Create an Azure service principal, using Azure CLI, PowerShell or Azure Portal. Note that if you wish to authenticate with the certificate authenticator the certificate should be saved locally.
-
Use an authentication file to authenticate to the Azure management plane.
-
Add these variables to pom.xml for a demo of certificate authentication. Note that CERTIFICATE_PASSWORD is optional depending on whether or not your .pem file requires a certificate.
<systemProperties>
<systemProperty>
<key>AZURE_TENANT_ID</key>
<value>{AZURE_TENANT_ID}</value>
</systemProperty>
<systemProperty>
<key>AZURE_CLIENT_ID</key>
<value>{AZURE_CLIENT_ID}</value>
</systemProperty>
<systemProperty>
<key>AZURE_AUTH_LOCATION</key>
<value>{AZURE_AUTH_LOCATION}</value>
</systemProperty>
<systemProperty>
<key>CERTIFICATE_PATH</key>
<value>{CERTIFICATE_PATH}</value>
</systemProperty>
<systemProperty>
<key>CERTIFICATE_PASSWORD</key>
<value>{CERTIFICATE_PASSWORD}</value>
</systemProperty>
<systemProperties>
For ADAL authentication, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET also must be set.
- Run
mvn clean compile exec:java
for a sample run through.
The Key Vault secrets SDK here is com.azure.azure-security-keyvault-secrets, if you are using the latest version of the Key Vault SDK package, please refer to the following examples:
-
IdentityReadmeSamples.java shows multiple ways to authenticate the Key Vault client via DefaultAzureCredential, device code, client secret or certificate in addition to others.
-
HelloWorld.java - Examples for common Key Vault tasks:
- Create a secret inside the Key Vault
- Get the secret